Security Engineering



Definition

Security engineering is the activity consisting of the cohesive collection of all tasks that are primarily performed to ensure the security of an endeavor and its work products.

As you can see in the following figure, security engineering is performed by the security team using security tools. It consists of seven tasks, the performance of which produces the four security work products.


Summary of Security Engineering. Go to the Security Team. Go to the Security Tools. Go to the Security Engineering activity. Go to the Security Threat Prevention task. Go to the Security Threat Detection And Analysis task. Go to the Security Threat Deterrence task. Go to the Security Risk Assessment task. Go to the Security Policy Production task. Go to the Security Auditing task. Go to the Security Enforcement task. Go to the Security Risk Assessment document. Go to the Security Policy. Go to the Privacy Statement. Go to the Security Audit Report.

Goals

The typical goals of the security engineering activity are to:

Objectives

The typical objectives of the security engineering activity are to:

Examples

Examples of the security engineering activity include engineering the security of a:

Preconditions

Security engineering typically may begin when the following preconditions hold:

Completion Criteria

Security engineering is typically complete when the following postconditions hold:

Tasks

The security engineering activity typically involves the following producers performing the following tasks:

Environments

Security engineering is typically performed using the following environment(s) and associated tools:

Work Products

The security engineering activity typically results in the production of the following work products:

Phases

The security engineering activity tasks are typically performed individual phases as documented in the following table:


Phase Relevant Security Tasks
Business Strategy Phase Security Auditing
Security Enforcement
Security Policy Production
Security Risk Assessment
Security Threat Detection And Analysis
Security Threat Deterrence
Security Threat Prevention
Business Optimization Phase Security Auditing
Security Enforcement
Security Policy Production
Security Risk Assessment
Security Threat Detection And Analysis
Security Threat Deterrence
Security Threat Prevention
Initiation Phase Security Auditing
Security Enforcement
Security Policy Production
Security Risk Assessment
Security Threat Detection And Analysis
Security Threat Deterrence
Security Threat Prevention
Construction Phase Security Auditing
Security Enforcement
Security Policy Production
Security Risk Assessment
Security Threat Detection And Analysis
Security Threat Deterrence
Security Threat Prevention
Delivery Phase Security Auditing
Security Enforcement
Security Policy Production
Security Risk Assessment
Security Threat Detection And Analysis
Security Threat Deterrence
Security Threat Prevention
Usage Phase Security Auditing
Security Enforcement
Security Policy Production
Security Risk Assessment
Security Threat Detection And Analysis
Security Threat Deterrence
Security Threat Prevention
Retirement Phase Security Auditing
Security Enforcement
Security Policy Production
Security Risk Assessment
Security Threat Detection And Analysis
Security Threat Deterrence
Security Threat Prevention

Guidelines